Check if the service account to be impersonated actually exists
and proceed with uninstalling the Helm release only if it does.
Otherwise, skip uninstalling the release and carry on with finalization.
Add an e2e test to check if deleting a namespace with the RBAC and
HelmRelease succeeds with the namespace being fully deleted.
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
This is backwards compatible, as it only changes the type without the
further requirements around the YAML declaration.
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
This updates all the comparisons to make use of `HasRevision` which
supports the RFC-0005 and legacy revision formats.
Signed-off-by: Hidde Beydals <hello@hidde.co>
Unlike the other Flux components, there are some scenarios in which a
timeout of 1h (or more) is justified to be able to Helm actions which
take a long time to finish.
To support this, widen the validation added in
54aee36b3a to allow the configuration
of the `h` time unit again. At the cost of theoretically keeping the
workers busy for a long duration of time (and thereby not processing
other changes), but without causing a full denial of service.
Signed-off-by: Hidde Beydals <hello@hidde.co>
- Update Go to 1.19 in CI
- Use Go 1.19 in base image
- Update controller-gen v0.8.0 (v0.7 fails with Go 1.19) and regenerate manifests
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Formalises the API requirements around TargetPath and ValuesKey,
which were the two fields missing validation within ValuesReference.
In both cases the validation was introduced at CRD level, so that
the apiserver will enforce it.
ValuesKey must be a valid Data Key. Therefore the same logic used by
upstream Kubernetes is reused here to ensure a valid key is being used.
For TargetPath a loose regex is being used to largely represent the
expected format. A max length of 250 is now being enforced.
This is a breaking change, as invalid TargetPath and ValuesKey will now
be rejected by the apiserver, instead of being accepted and potentially
failing at reconciliation time.
Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
- github.com/fluxcd/source-controller/api to v0.25.3
- k8s.io/api to v0.24.1
- k8s.io/apiextensions-apiserver to v0.24.1
- k8s.io/apimachinery to v0.24.1
- k8s.io/cli-runtime to v0.24.1
- k8s.io/client-go to v0.24.1
Signed-off-by: Hidde Beydals <hello@hidde.co>
- github.com/fluxcd/pkg/runtime to v0.14.1
- github.com/fluxcd/source-controller/api to v0.24.0
- github.com/hashicorp/go-retryablehttp to v0.7.1
- github.com/onsi/gomega to v1.19.0
- sigs.k8s.io/kustomize/api to v0.11.4
- sigs.k8s.io/kustomize/kyaml to v0.13.6
Signed-off-by: Hidde Beydals <hello@hidde.co>
When the flag --default-service-account was added it changed
slightly the behaviour of the spec.KubeConfig field. It forces
the impersonation to always take place, either via the contents
of spec.ServiceAccountName or its fallback at controller level.
Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
This includes an update of the source-controller to v0.22.0, to pull in
the v1beta2 API which makes use of the same packages.
Signed-off-by: Sunny <darkowlzz@protonmail.com>
Hidde Beydals